Uber’s Encryption Failures

Uber’s 2016 data breach and its consequences have been an ongoing story.  The latest, and perhaps even the last, major development concerns the verdict in the case of Uber’s former head of security, Joseph Sullivan, who was accused of covering up said breach.  Failures in security and encryption practices led to the company exposing over 50 million people’s personal data, and now Sullivan has been sentenced to three years of probation for his role in the scandal and perjury under oath.  A $50,000 fine and 200 hours of community service accompany the ruling.

When testifying to the FTC about another Uber breach that had occurred prior to his joining the company, Sullivan gave inaccurate assurances about Uber’s future security improvements, as well as its data access and encryption practices, assurances which proved false about a week later when the next breach happened.  As a result, the cover-up was made: the hackers were paid off with $100,000 in bitcoin and given non-disclosure agreements, and the hole was dug ever deeper.  Even so, the former security chief received a more lenient sentence than the 15 months’ imprisonment sought by prosecutors.

Nevertheless, it just goes to show: covering up one cybercrime with more cybercrime is hardly a winning solution.  No matter how diligently one works in data security, no matter how exemplary or virtuous one’s past practices and policies (as many testified Sullivan’s have been throughout his career), all it takes is one error to start the dominoes falling.  Before you know it, you’re on probation.

Cyber threats are on the rise everywhere around the world.  North Korean hackers are targeting hospitals in Seoul for their data, major food-products distributors are getting hit, and lawsuits come for any kind of firm.  Knowing this, it’s imperative to avoid the pitfalls into which Uber fell.

Uber felt forced to lie to regulators about its encryption practices, which fell well short of the promised mark and led to this snowballing debacle.  When faced with an inadequate encryption standard across your enterprise, NetLib Security’s Encryptionizer product provides the solution.  A cost-effective platform, Encryptionizer allows for transparent data encryption no matter where the sensitive data rests, be it in virtual, physical or cloud environments.  With Encryptionizer, misrepresentations and a false sense of security become unnecessary relics.


By: Jonathan Weicher, post on May 12, 2023
Originally published at: https://www.netlibsecurity.com
Copyright: NetLib Security